hcq/MaxScale
hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-2483: Take SSLProvider into use

Browse Source 
Servers and listeners now have a SSLProvider member variable that is used
for all SSL related tasks.
This commit is contained in:
Markus Mäkelä 2019-05-21 11:29:26 +03:00
parent cb72b2a5cc
commit 3af66f3309
No known key found for this signature in database
GPG Key ID: 72D48FCE664F7B19
14 changed files with 44 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
include/maxscale/listener.hh
View File

@ -143,11 +143,6 @@ public:
*/
const char* state() const;
/**
* The mxs::SSLContext object
*/
mxs::SSLContext* ssl_context() const;
/**
* Convert to JSON
*
@ -191,6 +186,16 @@ public:
struct users* users() const;
void set_users(struct users* u);
const mxs::SSLProvider& ssl() const
{
return m_ssl_provider;
}
mxs::SSLProvider& ssl()
{
return m_ssl_provider;
}
private:
enum State
{
@ -210,14 +215,13 @@ private:
std::string m_auth_options; /**< Authenticator options */
void* m_auth_instance; /**< Authenticator instance */
std::unique_ptr<mxs::SSLContext> m_ssl_context; /**< SSL context */
struct users* m_users; /**< The user data for this listener */
SERVICE* m_service; /**< The service which used by this listener */
std::atomic<bool> m_active; /**< True if the port has not been deleted */
MXS_PROTOCOL m_proto_func; /**< Preloaded protocol functions */
MXS_AUTHENTICATOR m_auth_func; /**< Preloaded authenticator functions */
MXS_CONFIG_PARAMETER m_params; /**< Configuration parameters */
mxs::SSLProvider m_ssl_provider;
Type m_type; /**< The type of the listener */

20
include/maxscale/server.hh
View File

@ -517,26 +517,20 @@ public:
*/
void response_time_add(double ave, int num_samples);
const mxs::SSLConfig& ssl_config() const
const mxs::SSLProvider& ssl() const
{
return m_ssl_config;
return m_ssl_provider;
}
mxs::SSLContext* ssl_context() const
mxs::SSLProvider& ssl()
{
return m_ssl_context.get();
}
void set_ssl_context(std::unique_ptr<mxs::SSLContext> ssl)
{
m_ssl_context.swap(ssl);
m_ssl_config = m_ssl_context->config();
return m_ssl_provider;
}
protected:
SERVER(std::unique_ptr<mxs::SSLContext> ssl_context)
: m_response_time{0.04, 0.35, 500}
, m_ssl_context{std::move(ssl_context)}
, m_ssl_provider{std::move(ssl_context)}
{
}
@ -544,7 +538,5 @@ private:
static const int DEFAULT_CHARSET = 0x08; /**< The latin1 charset */
maxbase::EMAverage m_response_time; /**< Response time calculations for this server */
std::mutex m_average_write_mutex; /**< Protects response time from concurrent writing */
std::unique_ptr<mxs::SSLContext> m_ssl_context; /**< SSL context */
mxs::SSLConfig m_ssl_config; /**< SSL configuration */
mxs::SSLProvider m_ssl_provider;
};

6
server/core/config_runtime.cc
View File

@ -434,7 +434,7 @@ bool runtime_enable_server_ssl(Server* server,
{
bool rval = false;
if (server->ssl_context())
if (server->ssl().context())
{
config_runtime_error("Server '%s' already configured to use SSL.", server->name());
}
@ -446,7 +446,7 @@ bool runtime_enable_server_ssl(Server* server,
if (ssl)
{
server->set_ssl_context(std::move(ssl));
server->ssl().set_context(std::move(ssl));
if (server->serialize())
{
@ -1903,7 +1903,7 @@ static bool validate_ssl_json(json_t* params, object_type type)
static bool process_ssl_parameters(Server* server, json_t* params)
{
mxb_assert(server->ssl_context() == NULL);
mxb_assert(server->ssl().context() == NULL);
bool rval = true;
if (have_ssl_json(params))

10
server/core/dcb.cc
View File

@ -2150,8 +2150,8 @@ static int dcb_create_SSL(DCB* dcb, mxs::SSLContext* ssl)
*/
int dcb_accept_SSL(DCB* dcb)
{
if (!dcb->session->listener->ssl_context()
|| (!dcb->ssl && dcb_create_SSL(dcb, dcb->session->listener->ssl_context()) != 0))
if (!dcb->session->listener->ssl().context()
|| (!dcb->ssl && dcb_create_SSL(dcb, dcb->session->listener->ssl().context()) != 0))
{
return -1;
}
@ -2227,10 +2227,10 @@ int dcb_connect_SSL(DCB* dcb)
int ssl_rval;
int return_code;
if ((NULL == dcb->server || NULL == dcb->server->ssl_context())
|| (NULL == dcb->ssl && dcb_create_SSL(dcb, dcb->server->ssl_context()) != 0))
if ((NULL == dcb->server || NULL == dcb->server->ssl().context())
|| (NULL == dcb->ssl && dcb_create_SSL(dcb, dcb->server->ssl().context()) != 0))
{
mxb_assert((NULL != dcb->server) && (NULL != dcb->server->ssl_context()));
mxb_assert((NULL != dcb->server) && (NULL != dcb->server->ssl().context()));
return -1;
}
dcb->ssl_state = SSL_HANDSHAKE_REQUIRED;

11
server/core/listener.cc
View File

@ -116,12 +116,12 @@ Listener::Listener(SERVICE* service,
, m_authenticator(authenticator)
, m_auth_options(auth_opts)
, m_auth_instance(auth_instance)
, m_ssl_context(std::move(ssl))
, m_users(nullptr)
, m_service(service)
, m_proto_func(*(MXS_PROTOCOL*)load_module(protocol.c_str(), MODULE_PROTOCOL))
, m_auth_func(*(MXS_AUTHENTICATOR*)load_module(authenticator.c_str(), MODULE_AUTHENTICATOR))
, m_params(params)
, m_ssl_provider(std::move(ssl))
{
if (strcasecmp(service->router_name(), "cli") == 0 || strcasecmp(service->router_name(), "maxinfo") == 0)
{
@ -476,9 +476,9 @@ bool Listener::create_listener_config(const char* filename)
dprintf(file, "authenticator_options=%s\n", m_auth_options.c_str());
}
if (m_ssl_context)
if (ssl().context())
{
dprintf(file, "%s", m_ssl_context->serialize().c_str());
dprintf(file, "%s", ssl().context()->serialize().c_str());
}
::close(file);
@ -606,11 +606,6 @@ void* Listener::auth_instance() const
return m_auth_instance;
}
mxs::SSLContext* Listener::ssl_context() const
{
return m_ssl_context.get();
}
const char* Listener::state() const
{
switch (m_state)

2
server/core/mysql_utils.cc
View File

@ -155,7 +155,7 @@ char* mxs_lestr_consume(uint8_t** c, size_t* size)
MYSQL* mxs_mysql_real_connect(MYSQL* con, SERVER* server, const char* user, const char* passwd)
{
auto ssl = server->ssl_config();
auto ssl = server->ssl().config();
if (!ssl.empty())
{

4
server/core/server.cc
View File

@ -524,9 +524,9 @@ void Server::print_to_dcb(DCB* dcb) const
+ server->stats.n_from_pool + 1);
dcb_printf(dcb, "\tPool availability: %0.2lf%%\n", d * 100.0);
}
if (server->ssl_context())
if (server->ssl().context())
{
dcb_printf(dcb, "%s", server->ssl_context()->to_string().c_str());
dcb_printf(dcb, "%s", server->ssl().context()->to_string().c_str());
}
if (server->proxy_protocol)
{

2
server/modules/authenticator/GSSAPI/GSSAPIBackendAuth/gssapi_backend_auth.cc
View File

@ -191,7 +191,7 @@ static bool gssapi_backend_auth_extract(DCB* dcb, GWBUF* buffer)
*/
static bool gssapi_backend_auth_connectssl(DCB* dcb)
{
return dcb->server->ssl_context() != NULL;
return dcb->server->ssl().context() != NULL;
}
/**

2
server/modules/authenticator/MariaDBBackendAuth/mysql_backend_auth.cc
View File

@ -140,7 +140,7 @@ static int auth_backend_authenticate(DCB* dcb)
*/
static bool auth_backend_ssl(DCB* dcb)
{
return dcb->server->ssl_context() != NULL;
return dcb->server->ssl().context() != NULL;
}
extern "C"

2
server/modules/authenticator/PAM/PAMBackendAuth/pam_backend_auth.cc
View File

@ -52,7 +52,7 @@ static bool pam_backend_auth_extract(DCB* dcb, GWBUF* buffer)
*/
static bool pam_backend_auth_connectssl(DCB* dcb)
{
return dcb->server->ssl_context();
return dcb->server->ssl().context();
}
/**

8
server/modules/protocol/MySQL/mariadbclient/mysql_client.cc
View File

@ -242,7 +242,7 @@ std::string get_version_string(SERVICE* service)
bool ssl_required_by_dcb(DCB* dcb)
{
mxb_assert(dcb->session->listener);
return dcb->session->listener->ssl_context();
return dcb->session->listener->ssl().context();
}
/**
@ -716,7 +716,7 @@ static void check_packet(DCB* dcb, GWBUF* buf, int bytes)
if (bytes == MYSQL_AUTH_PACKET_BASE_SIZE)
{
/** This is an SSL request packet */
mxb_assert(dcb->session->listener->ssl_context());
mxb_assert(dcb->session->listener->ssl().context());
mxb_assert(buflen == bytes && pktlen >= buflen);
}
else
@ -743,7 +743,7 @@ bool ssl_is_connection_healthy(DCB* dcb)
* then everything is as we wish. Otherwise, either there is a problem or
* more to be done.
*/
return !dcb->session->listener->ssl_context() || dcb->ssl_state == SSL_ESTABLISHED;
return !dcb->session->listener->ssl().context() || dcb->ssl_state == SSL_ESTABLISHED;
}
/* Looks to be redundant - can remove include for ioctl too */
@ -786,7 +786,7 @@ int ssl_authenticate_client(DCB* dcb, bool is_capable)
const char* remote = dcb->remote ? dcb->remote : "";
const char* service = (dcb->service && dcb->service->name()) ? dcb->service->name() : "";
if (!dcb->session->listener->ssl_context())
if (!dcb->session->listener->ssl().context())
{
/* Not an SSL connection on account of listener configuration */
return SSL_AUTH_CHECKS_OK;

4
server/modules/protocol/MySQL/mysql_common.cc
View File

@ -953,12 +953,12 @@ mxs_auth_state_t gw_send_backend_auth(DCB* dcb)
if (dcb->session == NULL
|| (dcb->session->state != SESSION_STATE_CREATED && dcb->session->state != SESSION_STATE_STARTED)
|| (dcb->server->ssl_context() && dcb->ssl_state == SSL_HANDSHAKE_FAILED))
|| (dcb->server->ssl().context() && dcb->ssl_state == SSL_HANDSHAKE_FAILED))
{
return rval;
}
bool with_ssl = dcb->server->ssl_context();
bool with_ssl = dcb->server->ssl().context();
bool ssl_established = dcb->ssl_state == SSL_ESTABLISHED;
MYSQL_session client;

4
server/modules/routing/binlogrouter/blr.cc
View File

@ -1477,7 +1477,7 @@ static void diagnostics(MXS_ROUTER* router, DCB* dcb)
}
/* SSL options */
if (auto ssl = router_inst->service->dbref->server->ssl_context())
if (auto ssl = router_inst->service->dbref->server->ssl().context())
{
dcb_printf(dcb, "%s", ssl->to_string().c_str());
}
@ -1954,7 +1954,7 @@ static json_t* diagnostics_json(const MXS_ROUTER* router)
min5 /= 5.0;
/* SSL options */
if (auto ssl = router_inst->service->dbref->server->ssl_context())
if (auto ssl = router_inst->service->dbref->server->ssl().context())
{
json_object_set_new(rval, "master_ssl", ssl->to_json());
}

4
server/modules/routing/binlogrouter/blr_slave.cc
View File

@ -4850,7 +4850,7 @@ static void blr_master_get_config(ROUTER_INSTANCE* router, MasterServerConfig* c
curr_master->password = router->password;
curr_master->filestem = router->fileroot;
/* SSL options */
auto server_ssl = router->service->dbref->server->ssl_config();
auto server_ssl = router->service->dbref->server->ssl().config();
if (!server_ssl.empty())
{
@ -6354,7 +6354,7 @@ static int blr_set_master_ssl(ROUTER_INSTANCE* router,
if (ssl)
{
updated = 1;
router->service->dbref->server->set_ssl_context(std::move(ssl));
router->service->dbref->server->ssl().set_context(std::move(ssl));
/* Update options in router fields */
if (!config.ssl_key.empty())